<?
session_start();

	$username =$_SESSION['sess_Username'] ;
	//include "chksession.php" ;
	$Oldpass=$_POST[Oldpass];
	$Newpass=$_POST[Newpass] ;
	$Newpass2=$_POST[Newpass2] ;
	?>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<?
	include "connectdb.php" ;
	$sql = "SELECT * FROM ag_employee WHERE emp_username='$username'  and emp_password ='$Oldpass' ";
	//$sql2 = "select count(Emp_Username) from ag_employee where 'Emp_Username'='zzz'  and 'Emp_Password'='555' ";
	
	$result = mysql_db_query($dbname,$sql) ;
	$r = mysql_fetch_array($result);
	
//	$result=mysql_db_query($dbname,$sql2) ;
//	$r2 = mysql_fetch_array($result);

	$Emp_Password=$r['emp_password'];

if ($Oldpass != $r['emp_password'] or $r1 == '0') {
	?> 
   <script>
	   alert('รหัสผ่านเดิมไม่ถูกต้อง');
	</script>
	<meta http-equiv='refresh' content='0;URL=admin_changepasswd.php'>
<?
}
else {
$sql = "UPDATE ag_employee SET emp_password = '$Newpass' WHERE emp_username = '$username' AND emp_password = '$Oldpass' ";
$result = mysql_db_query($dbname,$sql);
	?> 
   <script>
	   alert('เปลี่ยนรหัสผ่านเรียบร้อยแล้ว');
	</script>
	<meta http-equiv='refresh' content='0;URL=admin_home.php'>
	<?
   }
?>